PT-2022-27840
Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.5, Apache CXF versions prior to 3.4.10 Description: A Server-Side Request Forgery (SSRF) issue exists in the parsing of the href attribute of XOP:Include in MTOM requests. This allows an attacker to perform SSRF...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2)...
Design/Logic Flaw
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2)...
silverstripe framework cross-site scripting vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in silverstripe framework version 4.11 and earlier: XSS is possible via the href attribute of a link...
Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...
Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
CVE-2022-44786
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application...
PT-2022-27309 · Unknown · Appalti & Contratti
Name of the Vulnerable Software and Affected Versions: Appalti & Contratti version 9.12.2 Description: An issue was discovered in the target web applications, allowing Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do...
PT-2022-23993 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows for XSS via a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. A malicious content author cou...
PT-2022-23994 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows for an XSS vulnerability via the href attribute of a link. A malicious content author could add a JavaScript payload to the href attribute. This is simila...
Maggioli SpA Appalti & Contratti security vulnerability
Maggioli SpA Appalti & Contratti is a modular platform of Maggioli SpA. It consists of several integrated web applications to support Italian public administrations in the computerization and telematics management of their processes. A security vulnerability exists in Maggioli SpA Appalti &...
HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...
GHSA-4R9G-W48Q-8JWM HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...